Secunia Research has discovered a security issue in Opera, which can be exploited by malicious people to compromise a vulnerable system. The "Download" dialog provides the option to run a downloadable executable at a predictable location in the browser window. This can be exploited to trick a user into clicking on the "Run" button by positioning a new window on top of the "Download" dialog that is closed e.g. via a timeout shortly before the user clicks on a link within this window. Versions 10.53, 10.54, and 10.60 are affected.
Secunia Research has discovered a vulnerability in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a use-after-free error when trying to display a blocked pop-up window while navigating away from the current site. Successful exploitation may allow execution of arbitrary code. Version 3.0.195.38 is affected.
Secunia Research has discovered a vulnerability in Firefox, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a race condition when accessing the private data of an NPObject JS wrapper class object if navigating away from a web page while loading a Java applet. This can be exploited via a specially crafted web page to use already freed memory. Successful exploitation may allow execution of arbitrary code. Firefox versions 3.0.7, 3.0.8, and 3.0.9 for Windows with JRE 6 Update 13 are affected.
Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused by an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice. The vulnerability is confirmed on a fully patched Windows XP SP2 system running Internet Explorer 7. Other versions may also be affected.
Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error within the exception handling of script errors. This can be exploited to corrupt memory via an HTML document containing specially crafted JavaScript that triggers certain errors simultaneously. Microsoft Internet Explorer 6.0 is affected.
Secunia Research has discovered some vulnerabilities in Lotus Domino iNotes Client, which can be exploited by malicious people to conduct script insertion attacks. Affected versions include IBM Lotus Domino Web Access 7.x, IBM Lotus Domino Web Access (iNotes) 6.x, IBM Lotus Domino 6.x, and IBM Lotus Domino 7.x.
Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to trick users into downloading and executing arbitrary programs on a user's system. A design error in the processing of mouse clicks in new browser windows and the predictability of the position of the File Download dialog box can be exploited to trick the user into clicking on the Run button of the dialog box.
Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the shell script used to launch Opera parsing shell commands that are enclosed within backticks in the URL provided via the command line. Versions below 8.51 are susceptible.
Secunia Research has discovered two vulnerabilities in the Opera Mail client, which can be exploited by a malicious person to conduct script insertion attacks and to spoof the name of attached files. Version 8.02 is affected.
Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused by SqWebMail failing to properly sanitize HTML emails. This can be exploited to include arbitrary script code in HTML emails, which will be executed in the context of the SqWebMail server as soon as the user views a received email. Version 5.0.4 is affected.
Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited to spoof the source displayed in the Download Dialog box. The problem is that long sub-domains and paths are not displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box. The vulnerability has been confirmed in Mozilla 1.7.3 for Linux and Mozilla Firefox 1.0.
Secunia Research Advisory - Multiple browsers suffer from multiple vulnerabilities. It is possible for an inactive tab to spawn dialog boxes e.g. the JavaScript Prompt box or the Download dialog box, even if the user is browsing/viewing a completely different web site in another tab. It is also possible for an inactive tab to always gain focus on a form field in the inactive tab, even if the user is browsing/viewing a completely different web site in another tab.
Secunia Advisory SA11532 - Secunia has discovered a vulnerability in the Opera browser, which can be exploited by malicious people to fake (spoof) information displayed in the address bar. The vulnerability has been confirmed in version 7.23 for Windows and Linux. Prior versions may also be affected.
Secunia Research Advisory - Opera browser versions 7.10 and 7.03 suffer from denial of service and possible remote code execution vulnerabilities due to incorrect handling of long filename extensions.